Apple’s T2 Security Chip Is Currently Blocking Linux From Booting

Linux enthusiasts probably know that one can run Linux distributions on Apple’s older hardware, including the MacBook Air. The solid quality of Apple’s hardware even prompted Linux creator Linus Torvalds to use a MacBook Air to run Linux in the past.

However, Apple’s newer hardware lineup is becoming increasingly hostile towards Linux. With the latest T2 security chip, Apple’s latest Mac Mini is stopping Linux from booting, as reported by Phoronix. I guess it would be safe to assume similar results on other newer Apple hardware.

As we already know, the T2 chip verifies each step of the boot process using Apple-signed keys. Apart from UEFI Secure Boot validation, it’s also used for a number of other security-focused features.

As Phoronix notes, the Boot Camp Assistant software, which is used to enable support for Windows, installs the Windows Production CA 2011 certificate. This certificate is used by other Microsoft partners, including Linux distributions.

However, per the T2 documentation, there is currently “no trust provided for the Microsoft Corporation UEFI CA 2011. This UEFI CA is commonly used to verify the authenticity of bootloaders for other operating systems such as Linux variants.”

One might think that disabling Secure Boot entirely would allow Linux to load, but that’s not the case here. The T2 chip still blocks operating systems other than macOS and Windows 10. That is strange, given that the description of the No Security setting of macOS Secure Boot says it doesn’t enforce “any security requirements for your startup disk.”